qakbot | 03f712c3030fb4a4411425162df5ee361f7b7b7d3b853d57aec1aeae3bca5429 | Triage

Sharing

General

Target

03f712c3030fb4a4411425162df5ee361f7b7b7d3b853d57aec1aeae3bca5429
Size

307KB
Sample

210114-bc74e4ba8s
MD5

93dd26240487e270fc89cab981fef68b
SHA1

67d72eb632af612c29bbd5e7cbc7fa28e1eff0e1
SHA256

03f712c3030fb4a4411425162df5ee361f7b7b7d3b853d57aec1aeae3bca5429
SHA512

7b9ee97f18973799a8f47114b2417b9fe09ade5800bf5d531d34aa8fe93c303d7f260e8f378e20b0c917209405cdac3dfc79148b778a522a3b91fe94fd667d69

Score

10^/10

qakbot tr02 1607427512 banker stealer trojan

Malware Config

Extracted

Family

qakbot

Botnet

tr02

Campaign

1607427512

C2

73.32.115.251:443

161.199.180.159:443

185.163.221.77:2222

197.161.154.132:443

105.198.236.99:443

83.196.50.197:2222

96.225.88.23:443

156.222.27.207:995

81.214.126.173:2222

83.110.13.182:2222

85.121.42.12:443

67.82.244.199:2222

172.87.157.235:3389

86.176.133.145:2222

72.186.1.237:443

80.11.5.65:2222

94.59.236.155:995

81.150.181.168:2222

184.98.97.227:995

149.28.101.90:443

Targets

- Target
  
  03f712c3030fb4a4411425162df5ee361f7b7b7d3b853d57aec1aeae3bca5429
- Size
  
  307KB
- MD5
  
  93dd26240487e270fc89cab981fef68b
- SHA1
  
  67d72eb632af612c29bbd5e7cbc7fa28e1eff0e1
- SHA256
  
  03f712c3030fb4a4411425162df5ee361f7b7b7d3b853d57aec1aeae3bca5429
- SHA512
  
  7b9ee97f18973799a8f47114b2417b9fe09ade5800bf5d531d34aa8fe93c303d7f260e8f378e20b0c917209405cdac3dfc79148b778a522a3b91fe94fd667d69
Score

10^/10

qakbot tr02 1607427512 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qakbottr021607427512bankerstealertrojan

behavioral2

qakbottr021607427512bankerstealertrojan